hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Purtell <apurt...@apache.org>
Subject Re: [jira] [Commented] (HBASE-2418) add support for ZooKeeper authentication
Date Sat, 19 Nov 2011 21:07:52 GMT
This seems to be the issue with the HBaseAdmin failure:

> Caused by: java.io.IOException: Couldn't instantiate org.apache.zookeeper.ClientCnxnSocketNIO
> Caused by: java.io.IOException: Too many open files
 
I don't see this locally (obviously). I'd say the QA environment is insufficiently configured.

   - Andy




----- Original Message -----
> From: Hadoop QA (Commented) (JIRA) <jira@apache.org>
> To: issues@hbase.apache.org
> Cc: 
> Sent: Saturday, November 19, 2011 12:28 PM
> Subject: [jira] [Commented] (HBASE-2418) add support for ZooKeeper authentication
> 
> 
>     [ 
> https://issues.apache.org/jira/browse/HBASE-2418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13153578#comment-13153578

> ] 
> 
> Hadoop QA commented on HBASE-2418:
> ----------------------------------
> 
> -1 overall.  Here are the results of testing the latest attachment 
>   http://issues.apache.org/jira/secure/attachment/12504384/HBASE-2418-6.patch
>   against trunk revision .
> 
>     +1 @author.  The patch does not contain any @author tags.
> 
>     +1 tests included.  The patch appears to include 7 new or modified tests.
> 
>     +1 javadoc.  The javadoc tool did not generate any warning messages.
> 
>     +1 javac.  The applied patch does not increase the total number of javac 
> compiler warnings.
> 
>     -1 findbugs.  The patch appears to introduce 60 new Findbugs (version 1.3.9) 
> warnings.
> 
>     +1 release audit.  The applied patch does not increase the total number of 
> release audit warnings.
> 
>      -1 core tests.  The patch failed these unit tests:
>                        org.apache.hadoop.hbase.client.TestAdmin
>                   org.apache.hadoop.hbase.replication.TestReplication
>                   org.apache.hadoop.hbase.client.TestShell
> 
> Test results: 
> https://builds.apache.org/job/PreCommit-HBASE-Build/313//testReport/
> Findbugs warnings: 
> https://builds.apache.org/job/PreCommit-HBASE-Build/313//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
> Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/313//console
> 
> This message is automatically generated.
>                 
>>  add support for ZooKeeper authentication
>>  ----------------------------------------
>> 
>>                  Key: HBASE-2418
>>                  URL: https://issues.apache.org/jira/browse/HBASE-2418
>>              Project: HBase
>>           Issue Type: Improvement
>>           Components: master, regionserver
>>             Reporter: Patrick Hunt
>>             Assignee: Eugene Koontz
>>             Priority: Critical
>>               Labels: security, zookeeper
>>              Fix For: 0.92.0
>> 
>>          Attachments: HBASE-2418-6.patch, HBASE-2418-6.patch
>> 
>> 
>>  Some users may run a ZooKeeper cluster in "multi tenant mode" 
> meaning that more than one client service would
>>  like to share a single ZooKeeper service instance (cluster). In this case 
> the client services typically want to protect
>>  their data (ZK znodes) from access by other services (tenants) on the 
> cluster. Say you are running HBase and Solr 
>>  and Neo4j, or multiple HBase instances, etc... having 
> authentication/authorization on the znodes is important for both 
>>  security and helping to ensure that services don't interact negatively 
> (touch each other's data).
>>  Today HBase does not have support for authentication or authorization. This 
> should be added to the HBase clients
>>  that are accessing the ZK cluster. In general it means calling addAuthInfo 
> once after a session is established:
>> 
> http://hadoop.apache.org/zookeeper/docs/current/api/org/apache/zookeeper/ZooKeeper.html#addAuthInfo(java.lang.String,

> byte[])
>>  with a user specific credential, often times this is a shared secret or 
> certificate. You may be able to statically configure this
>>  in some cases (config string or file to read from), however in my case in 
> particular you may need to access it programmatically,
>>  which adds complexity as the end user may need to load code into HBase for 
> accessing the credential.
>>  Secondly you need to specify a non "world" ACL when interacting 
> with znodes (create primarily):
>> 
> http://hadoop.apache.org/zookeeper/docs/current/api/org/apache/zookeeper/data/ACL.html
>> 
> http://hadoop.apache.org/zookeeper/docs/current/api/org/apache/zookeeper/ZooDefs.html
>>  Feel free to ping the ZooKeeper team if you have questions. It might also 
> be good to discuss with some 
>>  potential end users - in particular regarding how the end user can specify 
> the credential.
> 
> --
> This message is automatically generated by JIRA.
> If you think it was sent incorrectly, please contact your JIRA administrators: 
> https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
> For more information on JIRA, see: http://www.atlassian.com/software/jira
> 

Mime
View raw message